Notes from the 5th Internet, Law and Politics Conference: The Pros and Cons of Social Networking Sites, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on July 6th and 7th, 2009. More notes on this event: idp2009.
Policies for a safer Internet
Chaired by Agustí Cerrillo
Óscar Martínez de la Torrre, Spanish Ministry of Industry, Tourism and Trade.
The Plan Avanza [the Spanish plan to foster the Information Society] had an important part in raising awareness on the risks of the Internet, but also on providing confidence to newcomers.
The Spanish Law for the Access to Electronic Public Services also included strong measures to provide these services with high levels of confidence, e.g. so that people felt equally secure e-invoicing as invoicing.
The Spanish government has issued several other initiatives to promote confidence and security on the Internet as accompanying measures to major stratetegies like the promotion of Internet in the classroom, G2B and B2B projects, etc.
One of the drawbacks that we usually find in security measures is that humans are the weakest link: technology can be prepared to face difficult challenges or strong security attacks, but humans — because of ignorance, lack of digital literacy or just because they forget to — quite often perform actions in most insecure ways.
Robustness of infrastructures, collaboration platforms or emergent IT models are strategic issues to develop safer Internet strategies at the telecoms level.
The ITU has developed a set of procedures on Internet security available at http://www.itu.int/ITU-D/cyb/cybersecurity/.
Catalonia National Information Security Plan
Nacho Alamillo, Director General Astrea La Infopista Jurídica S.L.
Surprisingly, there are few attacks in comparison to how poorly prepared are the Administrations, firms and citizens in matters of Internet security. And one of the problems of cybercrime is not only cybercrime itself, but that it is normally tied to other illegal actions such as laundry money, (forced) prostitution, etc.
Reasons why people and institutions are poorly protected: lack of awareness, bad code/software, speed of technological changes (e.g. anti-virus being obsolete in 10′), lack of resources (e.g. small towns with -500 inhabitants but holding their data).
Main drivers of safer Internet policies: Privacity, e-Administration and secure infrastructures.
Strategic goals of the Catalonia National Information Security Plan:
- Establishment of a nation-wide safety strategy: research, awareness, collaboration within Administrations, fostering existing initiatives, etc.
- Backing the protection of critical infrastructures, especially those obsolete (“old is easier to attack”): electronic communications, electronic systems for industry control (SCADA), priority lines, etc.
- Fostering of a business network that provides secure IT: industrial policy to promote secure IT, creation of a private sector that provides social benefits, community based on free software.
- Increasing confidence in the Information Society: fight against cybercrime, help lines to risk-prone collectives
Ramon Codina: IPv6, which is known to be more secure, is going to be implemented in the short run at the Spanish level? Óscar Martínez: There are already “islands” that have implemented this protocol, but interoperability with other protocols is still a barrier. On the other hand, and as usual, the chain is as strong as its weaker link, which means that the implementation of the IPv6 should be made at the international level or, at least, at a European level. And this is still a far horizon.
Ismael Peña-López: After a first wave to put up content and handbooks and guidelines about security on a push-strategies basis, are we seeing a shift towards pull-strategies? Nacho Alamillo: We are trying to embed security procedures in each and every daily procedure in education, retail selling, etc. so that it becomes invisible and “normal” in everyone’s life. Óscar Martínez: We are trying too to create self-learning content instead of top-down training plans, so to give answers to people when they have the questions, and not the other way round. On the other hand, we’d rather focus on toolkits (again, answering specific questions) rather than generic handbooks, more how-to’s or what for’s instead of theoretical approaches.
Marc Tarrés: What’s the state of standards? Are they converging towards consensus? Nacho Alamillo: So far, there’s many of them and this poses a real coordination problem, though many efforts are being put in this subject.
- IDP2009: A Safe Internet, by Daithí Mac Sithigh